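        /// <summary>
        /// Adds an <c>OCSPRef</c> for the first OCSP response the validation context
        /// reports as needed to <paramref name="completeRevocationRefs"/>, digesting the
        /// DER-encoded response with SHA-1 (the historical behaviour of this method; the
        /// four-argument overload lets callers choose a stronger digest).
        /// </summary>
        /// <param name="completeRevocationRefs">Container whose OCSPRefs collection receives the new reference.</param>
        /// <param name="ctx">Validation context supplying the needed OCSP responses.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        private void IncorporateOCSPRefs(CompleteRevocationRefs completeRevocationRefs,
                                         ValidationContext ctx)
        {
            // SHA-1 is kept only so existing callers produce byte-identical references;
            // new callers should pass a stronger digest through the overload below.
            IncorporateOCSPRefs(completeRevocationRefs, ctx, "SHA-1", SignedXml.XmlDsigSHA1Url);
        }

        /// <summary>
        /// Adds an <c>OCSPRef</c> for the first OCSP response the validation context
        /// reports as needed to <paramref name="completeRevocationRefs"/>, digesting the
        /// DER-encoded response with <paramref name="digestAlgorithm"/>. Does nothing when
        /// the context needs no OCSP response.
        /// </summary>
        /// <param name="completeRevocationRefs">Container whose OCSPRefs collection receives the new reference.</param>
        /// <param name="ctx">Validation context supplying the needed OCSP responses.</param>
        /// <param name="digestAlgorithm">Digest name accepted by <c>DigestUtilities.CalculateDigest</c> (e.g. "SHA-1").</param>
        /// <param name="digestMethodUri">XML-DSig DigestMethod URI that identifies <paramref name="digestAlgorithm"/>; the caller must keep the two consistent.</param>
        /// <exception cref="ArgumentNullException">A reference argument is null.</exception>
        /// <exception cref="ArgumentException">A digest argument is empty.</exception>
        private void IncorporateOCSPRefs(CompleteRevocationRefs completeRevocationRefs,
                                         ValidationContext ctx,
                                         string digestAlgorithm,
                                         string digestMethodUri)
        {
            if (completeRevocationRefs == null)
            {
                throw new ArgumentNullException("completeRevocationRefs");
            }
            if (ctx == null)
            {
                throw new ArgumentNullException("ctx");
            }
            if (string.IsNullOrEmpty(digestAlgorithm))
            {
                throw new ArgumentException("A digest algorithm name is required.", "digestAlgorithm");
            }
            if (string.IsNullOrEmpty(digestMethodUri))
            {
                throw new ArgumentException("A DigestMethod URI is required.", "digestMethodUri");
            }

            var neededResponses = ctx.GetNeededOCSPResp();
            if (neededResponses.IsEmpty())
            {
                return;
            }

            // Only the first needed response is referenced, as before.
            var ocsp = neededResponses[0];

            byte[] ocspDigest = DigestUtilities.CalculateDigest(digestAlgorithm, ocsp.GetEncoded());

            MSXades.OCSPRef incOCSPRef = new MSXades.OCSPRef();
            incOCSPRef.CertDigest.DigestMethod.Algorithm = digestMethodUri;
            incOCSPRef.CertDigest.DigestValue            = ocspDigest;

            // The URI attribute that would link this reference to an embedded OCSPValue is
            // still not populated (pre-existing TODO).
            //incOCSPRef.OCSPIdentifier.UriAttribute = "";
            incOCSPRef.OCSPIdentifier.ProducedAt = ocsp.ProducedAt;

            // ResponderID is an ASN.1 CHOICE: [1] byName, [2] byKey (RFC 6960). The byKey
            // form carries a key hash, which is written out base64-encoded.
            RespID      respId          = ocsp.ResponderId;
            ResponderID ocspResponderId = respId.ToAsn1Object();

            DerTaggedObject derTaggedObject = (DerTaggedObject)ocspResponderId.ToAsn1Object();

            string responderIdText;
            if (2 == derTaggedObject.TagNo)
            {
                responderIdText = Convert.ToBase64String(ocspResponderId.GetKeyHash());
            }
            else
            {
                responderIdText = ocspResponderId.Name.ToString();
            }

            incOCSPRef.OCSPIdentifier.ResponderID = responderIdText;

            completeRevocationRefs.OCSPRefs.OCSPRefCollection.Add(incOCSPRef);
        }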
        /// <summary>
        /// Load state from an XML element
        /// </summary>
        /// <param name="xmlElement">XML element containing new state</param>
        /// <summary>
        /// Replaces the current contents of the collection with one <c>OCSPRef</c> per
        /// <c>OCSPRef</c> child element (XAdES namespace) of <paramref name="xmlElement"/>.
        /// </summary>
        /// <param name="xmlElement">XML element containing new state</param>
        /// <exception cref="ArgumentNullException"><paramref name="xmlElement"/> is null.</exception>
        public void LoadXml(System.Xml.XmlElement xmlElement)
        {
            if (xmlElement == null)
            {
                throw new ArgumentNullException("xmlElement");
            }

            // The XPath query below needs the XAdES namespace bound to some prefix;
            // "xsd" is purely a local alias for that lookup.
            XmlNamespaceManager namespaces = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
            namespaces.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri);

            this.ocspRefCollection.Clear();

            // foreach disposes the node-list enumerator when it implements IDisposable,
            // which is what the explicit try/finally form of this loop used to do.
            foreach (object current in xmlElement.SelectNodes("xsd:OCSPRef", namespaces))
            {
                XmlElement refElement = current as XmlElement;
                if (refElement == null)
                {
                    continue;
                }

                OCSPRef loadedRef = new OCSPRef();
                loadedRef.LoadXml(refElement);
                this.ocspRefCollection.Add(loadedRef);
            }
        }
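        /// <summary>
        /// Queries every OCSP responder known for <paramref name="client"/> — the issuer's
        /// AIA OCSP URL first, then the configured <c>_firma.OCSPServers</c> — and records
        /// the first response with status <c>Good</c> in <paramref name="unsignedProperties"/>
        /// as an OCSPRef/OCSPValue pair. A <c>Revoked</c> answer from any responder stops
        /// the search immediately; any other status moves on to the next responder.
        /// </summary>
        /// <param name="unsignedProperties">Unsigned signature properties that receive the revocation reference and value.</param>
        /// <param name="client">Certificate whose revocation status is being validated.</param>
        /// <param name="issuer">Issuer of <paramref name="client"/>; used to build the OCSP request and to locate the responder.</param>
        /// <returns>The certificates embedded in the accepted OCSP response, as <see cref="X509Certificate2"/> instances.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="Exception">A responder reported the certificate revoked, or no responder returned <c>Good</c>.</exception>
        private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer)
        {
            if (unsignedProperties == null)
            {
                throw new ArgumentNullException("unsignedProperties");
            }
            if (client == null)
            {
                throw new ArgumentNullException("client");
            }
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }

            Org.BouncyCastle.X509.X509Certificate clientCert = CertUtil.ConvertToX509Certificate(client);
            Org.BouncyCastle.X509.X509Certificate issuerCert = CertUtil.ConvertToX509Certificate(issuer);

            OcspClient ocsp = new OcspClient();

            // Responder order: the URL published in the issuer's AIA extension is preferred,
            // the configured servers act as fallbacks.
            List<string> ocspServers = new List<string>();
            string certOcspUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert);
            if (!string.IsNullOrEmpty(certOcspUrl))
            {
                ocspServers.Add(certOcspUrl);
            }
            foreach (var ocspUrl in _firma.OCSPServers)
            {
                ocspServers.Add(ocspUrl);
            }

            foreach (string ocspUrl in ocspServers)
            {
                byte[] resp = ocsp.QueryBinary(clientCert, issuerCert, ocspUrl);

                FirmaXadesNet.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(clientCert, issuerCert, resp);

                if (status == FirmaXadesNet.Clients.CertificateStatus.Revoked)
                {
                    throw new Exception("Certificado revocado");
                }

                if (status != FirmaXadesNet.Clients.CertificateStatus.Good)
                {
                    // Not a definitive answer from this responder: try the next one.
                    continue;
                }

                return IncorporateOcspResponse(unsignedProperties, resp);
            }

            throw new Exception("El certificado no ha podido ser validado");
        }

        /// <summary>
        /// Records an accepted OCSP response in the signature: an <c>OCSPRef</c> (response
        /// digest, responder identity, ProducedAt) under CompleteRevocationRefs and the raw
        /// DER response as an <c>OCSPValue</c> under RevocationValues, linked by a fresh
        /// "OcspValue{guid}" id.
        /// </summary>
        /// <param name="unsignedProperties">Unsigned signature properties that receive the reference and the value.</param>
        /// <param name="resp">Raw OCSP response bytes returned by the responder.</param>
        /// <returns>The certificates embedded in the response, as <see cref="X509Certificate2"/> instances.</returns>
        private X509Certificate2[] IncorporateOcspResponse(UnsignedProperties unsignedProperties, byte[] resp)
        {
            OcspResp ocspResp = new OcspResp(resp);
            byte[] encodedResp = ocspResp.GetEncoded();
            BasicOcspResp basicResp = (BasicOcspResp)ocspResp.GetResponseObject();

            // One id ties the reference ("#OcspValue…") to the embedded value ("OcspValue…").
            string valueId = "OcspValue" + Guid.NewGuid().ToString();

            OCSPRef ocspRef = new OCSPRef();
            ocspRef.OCSPIdentifier.UriAttribute = "#" + valueId;
            DigestUtil.SetCertDigest(encodedResp, _firma.RefsDigestMethod, ocspRef.CertDigest);

            // GetResponderName reports through byKey whether the responder identified itself
            // by key hash (ByKey form) or by name (which is re-ordered via RevertIssuerName).
            bool byKey = false;
            Org.BouncyCastle.Asn1.Ocsp.ResponderID responderId = basicResp.ResponderId.ToAsn1Object();
            string name = GetResponderName(responderId, ref byKey);
            if (byKey)
            {
                ocspRef.OCSPIdentifier.ResponderID = name;
                ocspRef.OCSPIdentifier.ByKey = true;
            }
            else
            {
                ocspRef.OCSPIdentifier.ResponderID = RevertIssuerName(name);
            }

            // NOTE(review): ProducedAt is stored after conversion to host local time; confirm the
            // XML serializer emits a zoned value, otherwise the reference depends on the host's timezone.
            ocspRef.OCSPIdentifier.ProducedAt = basicResp.ProducedAt.ToLocalTime();
            unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);

            OCSPValue ocspValue = new OCSPValue();
            ocspValue.PkiData = encodedResp;
            ocspValue.Id = valueId;
            unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue);

            // NOTE(review): the certificates embedded in the response are handed back as-is; whether
            // ProcessOcspResponse already verified the responder signature and chain is not visible here.
            return basicResp.GetCerts()
                            .Select(cert => new X509Certificate2(cert.GetEncoded()))
                            .ToArray();
        }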
        /// <summary>
        /// Add typed object to the collection
        /// </summary>
        /// <param name="objectToAdd">Typed object to be added to collection</param>
        /// <returns>The object that has been added to collection</returns>
        /// <summary>
        /// Appends an <c>OCSPRef</c> to the collection and hands the same instance back
        /// so the call can be chained.
        /// </summary>
        /// <param name="objectToAdd">Typed object to be added to collection</param>
        /// <returns>The object that has been added to collection</returns>
        public OCSPRef Add(OCSPRef objectToAdd)
        {
            // Storage is delegated to the untyped base collection; the typed
            // return value is what distinguishes this overload.
            base.Add(objectToAdd);
            return objectToAdd;
        }
        /// <summary>
        /// Load state from an XML element
        /// </summary>
        /// <param name="xmlElement">XML element containing new state</param>
        /// <summary>
        /// Replaces the current contents of the collection with one <c>OCSPRef</c> per
        /// <c>OCSPRef</c> child element (XAdES namespace) of <paramref name="xmlElement"/>.
        /// </summary>
        /// <param name="xmlElement">XML element containing new state</param>
        /// <exception cref="ArgumentNullException"><paramref name="xmlElement"/> is null.</exception>
        public void LoadXml(System.Xml.XmlElement xmlElement)
        {
            if (xmlElement == null)
            {
                throw new ArgumentNullException("xmlElement");
            }

            // The XPath query below needs the XAdES namespace bound to some prefix;
            // "xsd" is purely a local alias for that lookup.
            XmlNamespaceManager namespaces = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
            namespaces.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri);

            this.ocspRefCollection.Clear();

            // foreach disposes the node-list enumerator when it implements IDisposable,
            // which is what the explicit try/finally form of this loop used to do.
            foreach (object current in xmlElement.SelectNodes("xsd:OCSPRef", namespaces))
            {
                XmlElement refElement = current as XmlElement;
                if (refElement == null)
                {
                    continue;
                }

                OCSPRef loadedRef = new OCSPRef();
                loadedRef.LoadXml(refElement);
                this.ocspRefCollection.Add(loadedRef);
            }
        }
		/// <summary>
		/// Add typed object to the collection
		/// </summary>
		/// <param name="objectToAdd">Typed object to be added to collection</param>
		/// <returns>The object that has been added to collection</returns>
		/// <summary>
		/// Appends an <c>OCSPRef</c> to the collection and hands the same instance back
		/// so the call can be chained.
		/// </summary>
		/// <param name="objectToAdd">Typed object to be added to collection</param>
		/// <returns>The object that has been added to collection</returns>
		public OCSPRef Add(OCSPRef objectToAdd)
		{
			// Storage is delegated to the untyped base collection; the typed
			// return value is what distinguishes this overload.
			base.Add(objectToAdd);
			return objectToAdd;
		}
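        /// <summary>
        /// Adds an <c>OCSPRef</c> for the first OCSP response the validation context
        /// reports as needed to <paramref name="completeRevocationRefs"/>, digesting the
        /// DER-encoded response with SHA-1 (the historical behaviour of this method; the
        /// four-argument overload lets callers choose a stronger digest).
        /// </summary>
        /// <param name="completeRevocationRefs">Container whose OCSPRefs collection receives the new reference.</param>
        /// <param name="ctx">Validation context supplying the needed OCSP responses.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        private void IncorporateOCSPRefs(CompleteRevocationRefs completeRevocationRefs,
            ValidationContext ctx)
        {
            // SHA-1 is kept only so existing callers produce byte-identical references;
            // new callers should pass a stronger digest through the overload below.
            IncorporateOCSPRefs(completeRevocationRefs, ctx, "SHA-1", SignedXml.XmlDsigSHA1Url);
        }

        /// <summary>
        /// Adds an <c>OCSPRef</c> for the first OCSP response the validation context
        /// reports as needed to <paramref name="completeRevocationRefs"/>, digesting the
        /// DER-encoded response with <paramref name="digestAlgorithm"/>. Does nothing when
        /// the context needs no OCSP response.
        /// </summary>
        /// <param name="completeRevocationRefs">Container whose OCSPRefs collection receives the new reference.</param>
        /// <param name="ctx">Validation context supplying the needed OCSP responses.</param>
        /// <param name="digestAlgorithm">Digest name accepted by <c>DigestUtilities.CalculateDigest</c> (e.g. "SHA-1").</param>
        /// <param name="digestMethodUri">XML-DSig DigestMethod URI that identifies <paramref name="digestAlgorithm"/>; the caller must keep the two consistent.</param>
        /// <exception cref="ArgumentNullException">A reference argument is null.</exception>
        /// <exception cref="ArgumentException">A digest argument is empty.</exception>
        private void IncorporateOCSPRefs(CompleteRevocationRefs completeRevocationRefs,
            ValidationContext ctx,
            string digestAlgorithm,
            string digestMethodUri)
        {
            if (completeRevocationRefs == null)
            {
                throw new ArgumentNullException("completeRevocationRefs");
            }
            if (ctx == null)
            {
                throw new ArgumentNullException("ctx");
            }
            if (string.IsNullOrEmpty(digestAlgorithm))
            {
                throw new ArgumentException("A digest algorithm name is required.", "digestAlgorithm");
            }
            if (string.IsNullOrEmpty(digestMethodUri))
            {
                throw new ArgumentException("A DigestMethod URI is required.", "digestMethodUri");
            }

            var neededResponses = ctx.GetNeededOCSPResp();
            if (neededResponses.IsEmpty())
            {
                return;
            }

            // Only the first needed response is referenced, as before.
            var ocsp = neededResponses[0];

            byte[] ocspDigest = DigestUtilities.CalculateDigest(digestAlgorithm, ocsp.GetEncoded());

            MSXades.OCSPRef incOCSPRef = new MSXades.OCSPRef();
            incOCSPRef.CertDigest.DigestMethod.Algorithm = digestMethodUri;
            incOCSPRef.CertDigest.DigestValue = ocspDigest;

            // The URI attribute that would link this reference to an embedded OCSPValue is
            // still not populated (pre-existing TODO).
            //incOCSPRef.OCSPIdentifier.UriAttribute = "";
            incOCSPRef.OCSPIdentifier.ProducedAt = ocsp.ProducedAt;

            // ResponderID is an ASN.1 CHOICE: [1] byName, [2] byKey (RFC 6960). The byKey
            // form carries a key hash, which is written out base64-encoded.
            RespID respId = ocsp.ResponderId;
            ResponderID ocspResponderId = respId.ToAsn1Object();

            DerTaggedObject derTaggedObject = (DerTaggedObject)ocspResponderId.ToAsn1Object();

            string responderIdText;
            if (2 == derTaggedObject.TagNo)
            {
                responderIdText = Convert.ToBase64String(ocspResponderId.GetKeyHash());
            }
            else
            {
                responderIdText = ocspResponderId.Name.ToString();
            }

            incOCSPRef.OCSPIdentifier.ResponderID = responderIdText;

            completeRevocationRefs.OCSPRefs.OCSPRefCollection.Add(incOCSPRef);
        }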